# 华为设备SSH配置脚本
# 设备名称：{{ sysname }}
# 生成时间：{{ now().strftime('%Y-%m-%d %H:%M:%S') }}

system-view

# 配置设备名称
sysname {{ sysname }}

{% if mgmt_vlan %}
    # 创建管理VLAN
    vlan {{ mgmt_vlan }}
    description mgmt
    quit
{% endif %}

{% if mgmt_ip and mgmt_mask %}
    # 配置VLAN接口IP
    interface Vlanif{{ mgmt_vlan }}
    description mgmt
    ip address {{ mgmt_ip }} {{ mgmt_mask }}
    quit
{% endif %}

{% if gateway %}
    # 配置默认路由
    ip route-static 0.0.0.0 0.0.0.0 {{ gateway }}
{% endif %}

# 配置SSH参数
stelnet server enable
ssh user {{ user }} authentication-type password
ssh user {{ user }} service-type stelnet
ssh authorization-type default aaa

# 生成RSA密钥
rsa local-key-pair create
2048

{% if user and password %}
    # 创建本地用户
    aaa
    local-user {{ user }} password cipher {{ password }}
    local-user {{ user }} privilege level 15
    local-user {{ user }} service-type ssh
    quit
{% endif %}

# 配置用户界面
user-interface vty 0 4
authentication-mode aaa
protocol inbound ssh
user privilege level 15
quit

# 保存配置
quit
save
y
